10/19/2017

Three Steps for Superior Cloud Security

In 2016, the total cost of cybercrime was $450 billion. Ransomware alone led to about $1 billion in losses, a valuation that's expected to rise to as much as $5 billion by the end of 2017. Given how cybercrime has dominated headlines lately, these numbers shouldn't be surprising. How, then, can organizations protect themselves from this pervasive problem?

Considering data is more consistently moving through cloud systems, protection that starts at the cloud is a good approach. In a recent webinar, Michael Osterman, the president of Osterman Research, Inc., discussed the benefits and security challenges facing cloud-based emails, data, and attachments. Because, with an Osterman Research, Inc. survey finding that 75 percent of respondents reported falling victim to some form of cybercrime in the previous 12 months, it's as important for organizations to be aware of what the cloud offers as it is to be aware of its risks.

Why the Cloud is the Battlefront of the Future

In many ways, the cloud is safer than in-house IT, because it's subject to strict physical and digital security controls that exceed what most enterprises can achieve independently. As well, it can be a cheaper, more reliable, more extensive means of storage that offers organizations greater flexibility in regards to geographic distribution. Traveling users, for instance, can access all of their desktop functionality, including email and other communications.

Still, the cloud is vulnerable to the same threats that plague on-site deployments, and while cloud-based email servers offer exciting capabilities for scalability, they also expose any information inside of an inbox to cloud-based threats. With the average user receiving around 100 emails a day and one in four emails containing an attachment, that's a massive amount of sensitive data at risk.

How to Build a Wall around a Cloud

Organizations that excel in cloud security focus on policies and practices that keep them ahead of quickly evolving threats, because there is no one-size-fits-all solution. That's why Osterman Research, Inc. recommends using these three strategies:

Map the Architecture of the Cloud. You can't know what you need to protect until you know exactly where your data is located. And because the cloud relies on distributed resources, it's not always apparent where storage takes place and what kind of security each of those locations is subject to. In order to avoid overlooking a key file or weak access point, companies must carefully understand the architecture of their cloud(s).

Create a Detailed Security Strategy. Blocking threats is only possible with a systematic approach. Start by studying the sensitivity of your data and its risk factors. Then set priorities for your security strategy, assign leadership duties, and understand what resources the cloud provider is willing to commit to. When you're using cloud services, you have a shared responsibility model between both you and the cloud provider, so you need to understand who manages certain aspects of your data. In accounting for these diverse risk vectors, a solid security strategy clearly spells out prevention and mitigation strategies for each party.

Implement Comprehensive Tools. No security strategy is complete without a solution that includes automatic email encryption such as ZixEncrypt. Even if data is intercepted in transit, the sensitive content remains unreadable. Anti-malware software is equally important. Because data and applications in the cloud are not protected by a corporate firewall, they must be carefully monitored for malware. Lastly, a comprehensive cybersecurity strategy should include multiple backup platforms — from the cloud to the physical — so that the recovery process won't drastically disrupt daily operations.

Given that the cloud is on the frontier of IT, we at Zix understand that it's an enormous enabler for organizations. Like all frontiers, though, its rewards come with inherent risks. And companies hoping to maximize their success need to address these risks when combatting today's cyber landscape.